Snort mailing list archives
RE: options for consideration
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 22 Apr 2003 16:28:07 -0400
Other than the various "attack response" rules that Snort already uses, I don't really think that an additional feature is feasible/possible. How would Snort know that an attack succeeded? Snort only monitors the actual traffic on a wire, not processes on any particular network node. The best it could do would be to see some type of response from the compromised network device. Hence the "attack response" rules.

My two cents...

- Christopher

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Tuesday, April 22, 2003 3:49 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] options for consideration

What are the possibilities of implementing an additional feature into snort that would inform the user if an attack was successful or not?
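The limit described in this message can be worked around outside the sensor by pairing alerts after the fact. The following is an added example, not part of the original thread and not Snort code. It reads alerts in Snort's "fast" alert layout and pairs each "attack response" alert with an earlier alert that went in the opposite direction between the same two hosts. The sample lines, the local SID 1000001, the 30-second window and the assumption that response rule messages begin with `ATTACK-RESPONSES` are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample alerts in Snort "fast" alert layout (not real captures).
SAMPLE = """\
04/22-16:28:07.100000  [**] [1:1000001:1] LOCAL constructed exploit attempt [**] [Priority: 1] {TCP} 198.51.100.9:40112 -> 192.0.2.10:80
04/22-16:28:07.900000  [**] [1:498:1] ATTACK-RESPONSES id check returned root [**] [Priority: 2] {TCP} 192.0.2.10:80 -> 198.51.100.9:40112
04/22-16:30:00.000000  [**] [1:1000001:1] LOCAL constructed exploit attempt [**] [Priority: 1] {TCP} 198.51.100.9:40200 -> 192.0.2.20:80
04/22-16:45:00.000000  [**] [1:498:1] ATTACK-RESPONSES id check returned root [**] [Priority: 2] {TCP} 192.0.2.30:80 -> 203.0.113.4:5555
"""

LINE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)
RESPONSE_PREFIX = "ATTACK-RESPONSES"  # assumed naming of response rules


def parse(text, year=2003):
    """Parse fast-alert lines; the format has no year, so one is assumed."""
    alerts = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a fast-alert line
        a = m.groupdict()
        a["time"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        alerts.append(a)
    return alerts


def correlate(alerts, window=timedelta(seconds=30)):
    """Pair response alerts with earlier alerts aimed at the responding host."""
    pairs, unmatched = [], []
    for resp in alerts:
        if not resp["msg"].startswith(RESPONSE_PREFIX):
            continue
        hits = [a for a in alerts
                if not a["msg"].startswith(RESPONSE_PREFIX)
                and a["dst"] == resp["src"] and a["src"] == resp["dst"]
                and timedelta(0) <= resp["time"] - a["time"] <= window]
        if hits:
            pairs.extend((a["sid"], resp["sid"], resp["src"]) for a in hits)
        else:
            unmatched.append(resp["src"])  # response seen, trigger not seen
    return pairs, unmatched
```

The third sample alert has no matching response, which is the case the message describes: the wire alone shows nothing about whether that attempt succeeded.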
Current thread:
- options for consideration Slighter, Tim (Apr 22)
- <Possible follow-ups>
- RE: options for consideration L. Christopher Luther (Apr 22)
- Re: options for consideration Allan Dover (Apr 23)